CMSContext.CurrentUser is not updated after UserInfoProvider.SetPassword is called when using SQL Se

My setup is Kentico CMS 7.0.83 using SQL Server 2012 for session state. Note that the behavior in question does not occur when using InProc session state. And that I have only tested SQL Server and InProc.

CMSContext.CurrentUser password is not updated when the current user's password is changed via UserInfoProvider.SetPassword. It is pretty easy to reproduce. See the code below. You can also split the SetPassword and IsUserPasswordDifferent calls into multiple postbacks (and possibly multiple requests) and get the same result.

My use case is that the if the user changes his or her password twice in a row, it bombs out on the second try. My workaround is to load the current user's UserInfo seperately through UserInfoProvider.GetUserInfo, and then pass that into IsUserPasswordDifferent.

I dotPeeked into CMS.SiteProvider and found that UserInfo.GetValue("UserPassword"), which returns the hashed password, is what appears to be out of sync.

That would be understandable if this behavior occurred in both InProc and SQL Server session state, but it only happens to the latter...

string newPassword = "newPassword";
UserInfoProvider.SetPassword(CMSContext.CurrentUser.UserName, newPassword);
UserInfo userInfo = UserInfoProvider.GetUserInfo(CMSContext.CurrentUser.UserName);
string passwordHash1 = CMSContext.CurrentUser.GetValue("UserPassword").ToString();
string passwordHash2 = userInfo.GetValue("UserPassword").ToString();
// If session state is InProc, passwordHash1 and passwordHash2 are the same.
// Both = the new password (set by the UserInfoProvider.SetPassword call).
// If session state is SQL Server, passwordHash1 and passwordHash2 are different:
// passwordHash1 is the old password (from CMSContext.CurrentUser, which mysteriously wasn't updated)
// passwordHash2 is the new password (set by the UserInfoProvider.SetPassword call).